Is Sage going to address the other log4j Security Vulnerabilities?

Question

There are other log4j vulnerabilities besides, CVE-2021-44228 . There are also vulnerabilities for CVE-2019-17571, CVE-2020-9488 and CVE-2022-23302 . 
 I tried to flag this with Sage support but I hit a roadblock and they told me to contact SAP since the log4j is related to Crystal Reports. You would think they would contact SAP as they are partners working to incorporate their tools in the Fixed Assets application. 
 So, I contacted SAP and they also don't seem to have any answers on the log4j vulnerabilities and state there isn't an issue in their product. I passed the information onto our Account Manager but it doesn't appear that there is an update on this yet. It seems as if no one is looking into the vulnerabilities for log4j 1.x. 
 Now we are left to attempt to remediate the vulnerabilities ourselves and hope that this does not affect the product's functionality.

Ann Donie · Accepted Answer

Hi AliciaIT, 
 Thank you for your patience. Sage updated and expanded its research to ensure coverage of CVE-2019-17571, CVE-2020-9488, and CVE-2022-23302. There are no Log4J vulnerabilities listed at the NIST NVD or other vulnerability repositories for Crystal Reports. Sage takes the security of its customer solutions extremely seriously, and regularly undertakes proactive testing across its products.

Sage Fixed Assets

Is Sage going to address the other log4j Security Vulnerabilities?

COMMUNITY

COMPANY

PARTNERS

SUPPORT & TRAINING